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Control Video Corporartlon 


MasterLine is a system created by Control Video Corporation to allow 
subscribers access to a library of software using a propietary access 
device (the Master Module). It is anticipated that most subscribers will 
access the software on a 'trial' basis. It is essential in this environment 
that a variety of mechanisms be available to ensure that downloaded 
software cannot be saved or duplicated except in ways authorized by the 
system. The collection of mechanisms useable in protecting software 
accessed through the MasterLine service is known as 'Copyright Protection 
Technology'. This document describes the techniques and tools available 
to software suppliers. 

ISSUES IN SOFTWARE PROTECTION 


in a trial-oriented system like Masterline, there are several layers of 
protection required: 


• protection against retaining a copy of software unless 
authorized 

• protection against unauthorized use of software even 
when permanent copies are permitted 

• protection against duplication of authorized permanent 
copies 

• protection against examination of internals of software 
even when permanent copies are permitted 


Tools are made available to particpating software vendors to address each 
of the above issues. As with any anti-piracy techniques, the tools can be 
used in a number of ways to accomplish each of the goals to varying 
degrees. 


UNAUTHORIZED PERMANENT COPIES 


In both the Apple II and the Commodore 64, programs can disallow access 
to 'monitor' programs, effectively eliminating the ability to use simple 
techniques to make permanent copies of downloaded software. The 
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MasterLine driver program that is made available to subscribers (diskette 
for the Apple II and cartridge for the Commodore 64) only allows a user to 
identify himself and the particular piece of software he wishes to 
download. Nowhere in the MasterLine driver is there any 'save' software. 
In fact, in the Apple II, the driver exists in the memory area normally 
occupied by DOS, i.e. no 'save' software is present anywhere in memory. 

For the vast majority of potential subscribers, these simiple techniques 
'Will suffice to prevent unauthorized software saves. However, this 
method is not designed to thwart subscribers equipped with 'snapshot' 
hardware such as the **company name** Wild Card for the Apple ll+/e. If 
it is desired to provide protection against hardware-based methods, it is 
necessary to assume that 'authorized' copies are always available and use 
methods described below. 

PERMANENT COPIES OF SOFTWARE 


There are quite a few reasons why it will, at times, become necessary to 
allow the subscriber to retain a permanent copy of all or part of a 
particular piece of software. A few of the possible reasons are: 

• certain pieces of software assume the existence of data 
and/or software on disk and cannot be economically 
restructed to run exclusively in memory 

• it may be desirable to allow the user to examine the 
software over time without requiring repeated long 
downloads each time he wishes to run it 

As soon as we allow the subscriber to retain a copy of all or part of the 
software on disk, the remaining three protection issues of unauthorized 
use, duplication and examination arise. The primary tool available to 
software suppliers within the MasterLine environment is a mechanism 
called ’Active Copyright Protection Technology' (ACPT). ACPT will be 
discussed in detail below. First, it should be pointed out, however, that 
often several simple techniques can be used to eliminate or protect 
against the dangers associated with disk copies of software; 

• software suppliers have the option of making software 
subsets available to MasterLine subscribers. That is, 
key features (e.g. 'SAVE' in a word-processor) can be 
removed from the version supplied. In this case, the 
disk copy has dramatically less value the commercially 
available software product. 

• key portions of the software can be eliminated from the 
disk copy. Subscribers can then be required to download 




the remoinder of the software vio MosterLine eoch time 
the software is used. The missing portions can be smaii 
enough so that download time is minimized, A clear 
example of this mechanism is software that requires 
significant amounts of disk-based data. The data could 
be downloaded for permanent storage on the user's disk, 
but the driver software itself could be held back. Here, 
of course, the disk containing only data, but no 
software, has no inherent value. 

ACTIVE COPYRIGHT PROTECTION TECHNOLQGV 


In a nutshell, the purpose of 'Active Copyright Protection Technology' 
(ACPT) is to ensure that the Master Module through which a particular 
piece of software was loaded is still present when the software is 
executed. Effectively, the serial number of the Master Module becomes an 
integral and necessary part of the software itself. The degree to which 
ACPT protects software is, like any other protection mechanism, a 
function of the degree to which the use of ACPT is entwined into and 
hidden within the protected software. 

Before we examine ways in which ACPT can be used, it is necessary to 
understand, generally, what this tool is and the mechanics of how a piece 
of software will use it. Briefly, the Master Module has built into it the 
ability to accept a 32 bit number from the PC and return a different 32 bit 
number in response. The power of the algorithm comes from the fact that 
this transformation is a function of a number of parameters: 

• a random number that changes from use to use (supplied 
by the software) 

• the serial number of the Master Module (resident in the 
Master Module's battery protected memory) 

• (for limited use software) a 'counter table' slot number 
(supplied through the software by the network). This 
table contains usage counters. If the allowed usages 
associated with the slot are exhausted, the Master- 
Module transformation is guaranteed to return an 
incorrect result. 

With these arguments, the mechanism has the following vital properties: 

• each exchange between the PC and the Master Module is 
unique 

• if the Master Module is not connected to the systemi, the 



exchange will, oi course, never complete 


• if the wrong Master Module is connected to the system, 
the exchange will not produce the expected result 

• if the 'limited use' option is selected and the specified 
number of uses have been exhausted, the exchange will 
not produce the expected result 


The net effect of these properties, coupled with software within the 
MasterLine network to manage the input and output of these 
transformations, is to permit the software to function only if the Master 
Module through which it was loaded it still connected to the PC. This 
effectively provides at least the second and third of our required software 
protection layers. The software cannot be used except as authorized by 
MasterLine. In addition, duplicates of the software share the same 
restrictions (including the same total usage count restrictions) as the 
original. 

WAVS TO USE ACTIVE COPVRiGHT PROTECTION TECHNOLOGY 


The ACPT mechanism available through MasterLine is a tool whose use in 
software protection is limited only by the imagination of the software 
designer. The protection implementations described here should be viewed 
as examples of ACPT usage. In addition. Control Video Corporation will 
supply several software modules on request to aid in the implementation 
of these and other techniques. 

• An ACPT Envelope - the simplest (and therefore the 
most vulnerable) use of ACPT is to begin execution of 
the software by submitting a unique 32 bit number to 
the Master Module and comparing the result to a 
predetermined 32 bit number (both of which have been 
placed into the software at download time by the 
MasterLine network). If the result of the exchange is 
other than that expected, the software refuses to run. 

The primary advantage of this technique is that it 
requires no knowledge of the internal workings of the 
software. Its disadvantage is that a sophisticated user 
only has one check to find and disable. 


• ACPT Checkpoints - a variation on the ACPT envelope 
places a number of these submit/compare events at 
various places within the software each with its own 
unique set of 32 bit numbers (the MasterLine network 
suports up to 8 of these pairs per piece of software). 
The major advantage of this technique is that the 


software designer can complicate the ability of the 
sophisticated user to find and disable these checkpoints. 

The primary disadvantages are the familiarity required 
to cleverly introduce these checkpoints and the fact 
that they must be introduced at time-insensitive points 
since the Master Module exchange can take 200-400 
milliseconds to accomplish. 

• ACPT Submits and Tests - an additional variation 
takes the result of the Master Module exchange and 
saves it or uses it as input to a calculation. The 
validity checks can then be removed from the 
submission in both memory and logical proximity. This 
further frustates the ability of the user to find and 
remove the tests. 

• ACPT Scrambling - a more elaborate use of the 
techniques allow the MasterLine network to scramble 
the software before it is downloaded. In this scenario, 
the scrambling is made dependent on the result of the 
ACPT exchange. The 32 bit seed number is downloaded 
to the 'clear portion of the software, but the 
descrambling requires the correct transformed 32 bit 
result. Thus, only a subscriber with the proper Master 
Module present can use the scrambled portion of the 
software. Importantly, being able to see the 
descrambling algorithm is of no value to the user, 
because the key to the algorithm is not present within 
the software at all. In addition, the software is not 
even available for examination without the proper 
descrambling, thus satisfying the last of the protection 
requirements. 

As was mentioned above, the techniques described above should be seen as 
examples of the methods available. Each software designer is free to use 
these methods or to create variations of his own. CVC staff is, of course, 
always willing to provide assistance in determining the effectiveness of 
any method. 






